22 matches found
GHSA-458G-Q4FH-MJ6R Serendipity has a Host Header Injection allows SMTP header injection via unvalidated HTTP_HOST in Message-ID email header
Summary: Serendipity inserts $_SERVER['HTTP_HOST'] directly into the Message-ID SMTP header without any validation beyond CRLF stripping. An attacker who can control the Host header during an email-triggering action can inject arbitrary SMTP headers into outgoing emails, enabling spam relay, BCC...
EUVD-2004-1288
Malware in sbrugna...
EUVD-2006-5530
Malware in sbrugna...
EUVD-2021-34177
Malicious code in bioql PyPI...
CVE-2021-4350 Frontend File Manager <= 18.2 - Unauthenticated HTML Injection leading to Spam Emails
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated HTML Injection in versions up to, and including, 18.2. This is due to lacking authentication protections on the wpfm_send_file_in_email AJAX action. This makes it possible for unauthenticated attackers to send emails usin...
SA-CONTRIB-2009-009 Forward module can be used as a spam relay
This vulnerability allows spammers or spambots to use sites with the Forward module installed to send nearly unlimited e-mail. Due to improper use of Drupal's flood control API, it is possible for one user to send an unlimited number of mails using the Forward module. Important note: the securi...
plesk-auth.txt
Hello, the reported vulnerability allows logins to mail and probably other services protected by Plesk authentication modules on at least the current Plesk 8.6.0 Unix/Linux and could e.g. be used for relaying spam through gained SMTP auth privileges. Only systems which allow short mail login name...
CVE-2006-5545
Premium Antispam in Symantec Mail Security for Domino Server 5.1.x before 5.1.2.28 does not filter certain SMTP address formats, which allows remote attackers to use the product as a spam relay...
CVE-2004-1291
Buffer overflow in qwik-smtpd allows remote attackers to use the server as an SMTP spam relay via a long HELO command, which overwrites the adjacent localIP data buffer...
CVE-2004-1291
This CVE concerns a buffer overflow in the qwik-smtpd server. The vulnerability occurs when processing a long HELO command, which overwrites an adjacent localIP data buffer and enables remote attackers to use the server as an SMTP spam relay. Affected component: qwik-smtpd; root cause: input hand...
Debian GNU/Linux Sendmail Default SASL Password
The remote host is running a Sendmail server with a default SASL password of 'sendmail' / 'sendmailpwd'. A spammer may use this account to use the remote server as a spam relay for the internet. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(14832); script_version("1.16...
[SECURITY] [DSA 554-1] New sendmail packages fix potential open relay
Debian Security Advisory DSA 554-1 [email protected] http://www.debian.org/security/ Martin Schulze September 27th, 2004 http://www.debian.org/security/faq ...
Microsoft Windows SMTP Incorrect Credentials Authentication Bypass
The remote SMTP server is vulnerable to a flaw in its authentication process. This vulnerability allows any unauthorized user to successfully authenticate and use the remote SMTP server. An attacker may use this flaw to use this SMTP server as a spam relay. (C) Tenable Network Security, Inc. Thanks...
NTMail3 Arbitrary Mail Relay
Nessus has detected that the remote SMTP server allows anyone to use it as a mail relay provided that the source address is set to ''. This issue allows any spammer to use your mail server to send their mail to the world, thus flooding your network bandwidth and possibly getting your mail server...